Enterprises Can't Rely On Social Security Numbers For Identity
Gartner in a press release this morning says that "recent thefts of personal data from companies and government agencies make it clear that Social Security numbers can no longer be relied on as proof of identity."
Gartner analysts said enterprises should use this data as only part of an overall "identity score."

Avivah Litan, vice president and distinguished analyst at Gartner, recently testified at the oversight hearings for the Committee on Veterans' Affairs regarding the theft of sensitive information belonging to 26.5 million veterans and spouses from a Veterans Affairs employee's home. Ms. Litan told the committee that this latest compromise shows just how unprotected some of the nation's most sensitive data is.
"This incident also shows that the Social Security number has become an extremely unreliable piece of information and cannot be trusted to be unique to an individual. Companies should not rely on Social Security numbers alone as proof of individual identity," Ms. Litan said. "As many as one-in-seven adult Social Security numbers in the U.S. may already have been compromised."
"A company with at least 10,000 accounts to protect can spend, in the first year, as little as $6 per customer account for just data encryption, or as much as $16 per customer account for data encryption, host-based intrusion prevention and strong security audits combined," Ms. Litan said. "This compares with an expenditure of at least $90 per customer account when data is compromised or exposed during a breach."
Encrypting stored data can provide the most robust data protection, but if that is unfeasible because of undue cost and complexity, companies should deploy comprehensive host-based intrusion prevention systems (HIPS). However, successfully deploying HIPS requires strong server configuration control and additional administrative cost and complexity. Another option is strong security audits to validate that the organization has deployed satisfactory mitigating controls, reducing the need for data encryption or HIPS.
"None of these options are mutually exclusive, but implementing all three will still be less expensive than having to respond to a large-scale data breach," Ms. Litan said.